-1
我讓PHP網站 使用用戶/密碼登錄 但用戶可以跳過這個頁面使用
「=」「或」
'或1 = 1 喜歡這個 下面的代碼文件Login_Check.php如何避免「=」「或」
`
include("includeszzz/host_conf.php");
include("includeszzz/mysql.lib.php");
$obj=new connect;
$obj1=new connect;
$username=$_GET["username"];
$password=$_GET["password"];
//echo $username;
//echo $password;
$sql="select username from admin where username='$username'";
$obj->query($sql);
$U_num=$obj->num_rows();
//echo $U_num;
if($U_num!=0) {
$sql1="select password from admin where username='$username' and password='$password'";
$obj1->query($sql1);
$P_num=$obj1->num_rows();
if($P_num!=0) {
session_start();
$_SESSION["zizo"]="$username";
//header("location: welcome.php");
echo "1";
} else {
echo "Invalid Password Please Try Again";
}
} else {
echo "Invalid Username Please Try Again";
}
`
你所經歷稱爲[** SQL注入**](https://www.owasp.org/index .PHP/SQL_Injection)。閱讀我剛纔發佈的鏈接和一個在@ NathanTuggy的評論。 –